Summer 2018 Internet Security Changes Part II: GDPR Compliance

As our last blog noted, this summer will bring about several important internet security-related changes. The first post in this three-part series covered SSL updates, which impact every single website. In this second post, we’re addressing something that is happening outside the country but could impact our clients: GDPR compliance. The collection of data has made big headlines in recent months, and the EU recently enacted legislation to protect its citizens and their information.

What is GDPR?

General Data Protection Regulation (GDPR) is legislation in the EU that extends to any business that targets and collects the information of EU citizens. GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR.

What you need to know about General Data Protection Regulation:

First, the law only applies if the data subjects are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.

And second, your business would have to employ personnel in the EU or target a data subject in an EU country. Passive marketing, like search engine optimization, doesn’t count.

This means that, in general, most US-based small businesses that are not directly targeting a data subject or employing people in an EU country are fine. That said, we’ve had customers ask how they can better protect their clients’ data, and so we’ve compiled a list of recommendations.

3 things you can do to protect your clients’ data and remain GDPR compliant:

1 – Use Google Analytics’ new data tracking settings to change what data you store.
2 – Don’t collect more data than you need and store the data you do collect securely.
3 – Tell your prospects exactly what you are doing with their data. For example, add a checkbox to contact forms so that users give explicit permission to be contacted by a member of your company.

While not related to GDPR compliance, it’s also a good idea to make sure you have both Terms of Service and Privacy Policy statements on your website.

If you have questions about how GDPR may affect your business, or if you have questions about anything else, we’re always here to help! Contact us today.